Microsoft detected a phishing campaign using AI-generated code obfuscated with business terminology. Despite sophisticated tactics, Defender for Office 365 blocked the attack using behavioral analysis.

AI vs. AI: The New Cybersecurity Battlefield
Microsoft Threat Intelligence has successfully detected and blocked a sophisticated phishing campaign that leveraged AI-generated code to obfuscate its malicious payload. The campaign, discovered on August 18, 2025, represents a significant evolution in cybercriminal tactics as attackers increasingly adopt artificial intelligence to enhance their operations.
Sophisticated Obfuscation Technique
The attackers employed a unique method of hiding their malicious intent by using business-related terminology to disguise the phishing payload. The SVG file attached to phishing emails contained what appeared to be a legitimate business analytics dashboard, complete with chart bars and month labels. However, these elements were rendered completely invisible to users through opacity and transparency settings.
"The code was not something a human would typically write from scratch due to its complexity, verbosity, and lack of practical utility," stated Microsoft Security Copilot in its analysis of the campaign.
Business Terminology as Malicious Code
The attackers encoded the malicious payload using a sequence of business-related terms like "revenue," "operations," "risk," and "shares" concatenated into a hidden data-analytics attribute. Embedded JavaScript then systematically processed these business terms through multiple transformation steps, reconstructing the hidden functionality from what appeared to be harmless business metadata.
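A defender-side triage heuristic for the SVG traits described above (embedded script, invisible chart elements, a data attribute holding a run of plain words). This is an added example, not Microsoft's detection logic or code from the campaign. The thresholds, separator set, function names and sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted mail, swap in defusedxml.ElementTree

# Thresholds and separators are assumptions for illustration, not Microsoft's values.
MIN_WORDS = 8      # word tokens in one data-* attribute before it is flagged
MIN_INVISIBLE = 3  # fully transparent elements before the file is flagged
WORD_RUN = re.compile(r"[A-Za-z]{3,}(?:[-_ ,;|][A-Za-z]{3,})*")

def local(name):  # drop the '{namespace}' prefix ElementTree puts on tag names
    return name.rsplit("}", 1)[-1]

def is_invisible(el):
    """True if the element is hidden through opacity or a transparent fill."""
    style = el.get("style", "").replace(" ", "").lower()
    props = dict(p.split(":", 1) for p in style.split(";") if ":" in p)
    for key in ("opacity", "fill-opacity"):
        try:
            if float(el.get(key, props.get(key, ""))) == 0:
                return True
        except ValueError:
            pass  # attribute absent or not numeric
    return el.get("fill", props.get("fill", "")).lower() == "transparent"

def word_run_attrs(el):
    """Names of data-* attributes whose value is only a long run of plain words."""
    return [local(k) for k, v in el.attrib.items()
            if local(k).startswith("data-") and WORD_RUN.fullmatch(v)
            and len(re.findall(r"[A-Za-z]+", v)) >= MIN_WORDS]

def triage_svg(svg_text):
    """Return the reasons an SVG attachment matches the traits described above."""
    elements = list(ET.fromstring(svg_text).iter())
    reasons = []
    if any(local(e.tag) == "script" for e in elements):
        reasons.append("embedded <script>")
    if sum(is_invisible(e) for e in elements) >= MIN_INVISIBLE:
        reasons.append("multiple invisible elements")
    attrs = sorted({a for e in elements for a in word_run_attrs(e)})
    if attrs:
        reasons.append("word-run data attribute: " + ", ".join(attrs))
    return reasons

# Constructed samples (not from the campaign); the script body is an inert placeholder.
SUSPECT = """<svg xmlns="http://www.w3.org/2000/svg">
<g data-analytics="revenue-operations-risk-shares-revenue-risk-operations-shares">
<rect width="20" height="90" opacity="0"/><rect width="20" height="60" style="opacity: 0"/>
<text fill="transparent">Jan</text></g><script>/* placeholder */</script></svg>"""
BENIGN = """<svg xmlns="http://www.w3.org/2000/svg">
<rect width="20" height="90" fill="#369" data-series="q1"/><text>Jan</text></svg>"""
```

Each reason is a weak signal on its own; the combination of all three in a mail attachment is what merits escalation, alongside the infrastructure and message-context signals.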
Detection and Prevention
Despite the sophisticated obfuscation, Microsoft Defender for Office 365 successfully detected and blocked the campaign through AI-powered protection systems. The detection relied on multiple signals, including suspicious infrastructure, behavioral indicators, and message context patterns, which remained unaffected by the AI-generated obfuscation.
Microsoft recommends that organizations apply its recommended security settings and enable features such as Safe Links and Zero-hour auto purge to protect against similar emerging threats.